This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 7e2cd05cee Catch NamingException instead of specialized sub-classes
7e2cd05cee is described below
commit 7e2cd05cee8de346c3096437b5dda8da361dd47f
Author: Felix Schumacher <[email protected]>
AuthorDate: Thu Jul 20 11:14:19 2023 +0200
Catch NamingException instead of specialized sub-classes
In Java 8 and up to 17 a closed connection is signaled with
a NamingException and not a CommunicationException ora
ServiceUnavailableException. Such a condition should lead
to re-opening the LDAP connection.
In Java 18 it is fixed by https://bugs.openjdk.org/browse/JDK-8273402
---
java/org/apache/catalina/realm/JNDIRealm.java | 10 +++++++---
webapps/docs/changelog.xml | 4 ++++
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/realm/JNDIRealm.java
b/java/org/apache/catalina/realm/JNDIRealm.java
index 619a704c99..a68f1a0db1 100644
--- a/java/org/apache/catalina/realm/JNDIRealm.java
+++ b/java/org/apache/catalina/realm/JNDIRealm.java
@@ -37,7 +37,6 @@ import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.naming.AuthenticationException;
-import javax.naming.CommunicationException;
import javax.naming.CompositeName;
import javax.naming.Context;
import javax.naming.InvalidNameException;
@@ -47,7 +46,6 @@ import javax.naming.NameParser;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.PartialResultException;
-import javax.naming.ServiceUnavailableException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
@@ -2356,7 +2354,13 @@ public class JNDIRealm extends RealmBase {
// Authenticate the specified username if possible
principal = getPrincipal(connection, username, gssCredential);
- } catch (CommunicationException | ServiceUnavailableException e) {
+ } catch (NamingException e) {
+ /* While we would like to catch specialized exceptions like
+ * CommunicationException and ServiceUnavailableException,
+ * some network communication problems are reported as
+ * this general exception. This is fixed in Java 18 by
+ * https://bugs.openjdk.org/browse/JDK-8273402
+ */
// log the exception so we know it's there.
containerLog.info(sm.getString("jndiRealm.exception.retry"),
e);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f8b8f3f95e..b567b43f56 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -124,6 +124,10 @@
presistence process, do not log a warning that null Principals are not
serializable. Pull request <pr>638</pr> provided by tsryo. (markt)
</fix>
+ <fix>
+ Catch <code>NamingException</code> in
<code>JNDIRealm#getPrincipal</code>.
+ It is used in Java up to 17 to signal closed connections. (fschumacher)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
